Job Description

Our Team

The Office of the CIO (OCIO) is focused on driving, executing, and optimizing the business of technology in order to create a stable, resilient, and efficient organization.

As part of the OCIO, our Technology Change Integration (TCI) team drives integration, alignment, and simplification across the complex landscape of technology change, resiliency, and IT Asset Management with the goal of minimizing the impact of potential disruption to the firm.

Our Cyber Resiliency team aligns with BNY Mellons holistic, enterprise-wide approach to managing resiliency which we define as inclusive of operational and technical resiliency, disaster recovery, and business continuity, among others. Within these elements, we have a comprehensive, mature cyber security program that enhances our ability to identify, detect, and protect the Bank from cyber-related threats. Cyber resiliency refers to the ability of a firm to continue business operations even though there could by a cyber-impacting event.

The Role

We are seeking a Gap Assessment Analyst to join our TCI Cyber Resiliency team.

BNY Mellons Cyber Resiliency program focuses on our critical business services and how we can continue to evolve and improve our ability to recover in the event of a cyberattack. You will gain a cross-functional understanding of the BNY Mellons businesses, and how we will protect (and if necessary recover) from cyber-attacks and cyber-incidents.

Key Responsibilities:

t
* Manages the compliance efforts of the Cyber Resiliency function
t
* Lead assessment activities to ensure the cyber resiliency technology risks are identified, addressed, executing appropriate tests of controls, presenting results and recommendations to management
t
* With minimal guidance, contributes to effectiveness of cyber resiliency controls assessment that help ensure ongoing compliance with key laws, regulations and policies affecting cyber resiliency risk posture.
t
* Based on assessments, partner with stakeholder as appropriate to log findings and complete initial improvement discussions.
t
* Under direct guidance, analyzes regulatory announcements and industry practices in order to current state of cyber resiliency compliance.
t
* Perform reviews of Cyber Resiliency related IT policies, standards, and procedures. Recommend corrective action to improve controls, enhance operations and increase efficiency.
t
* Partner and coordinate across multiple line of business and stakeholders to ensure successful execution of program
t
* Reviews the appropriateness of control processes for Cyber Resiliency
t
* Assists the team as needed to conduct assessment of applications, functions, process, etc
t
* Helps the business units respond to and develop reporting, as directed.
t
* As required, analyzes existing legislation, regulatory announcements and industry practices in order to ensure the assigned business is in compliance with current requirements.
t
* Contributes to projects and program tasks intended to improve compliance and enhance the control environment.
t
* Contributes to the preparation of time sensitive reporting and appropriately escalates issues to more experienced professionals

Subject matter expert responsible for supporting process leads in development, implementation, mentoring of, and maintenance of ITSM processes, training, requirements management, and testing, as well as contribute to development of strategic solutions. Communicates and promotes the process. Influences process stakeholders. Defines new and redesigns existing ITSM processes, serves as subject matter expert to lower level analysts, reviews initial drafts produced by lower level analysts and takes them to the next level prior to review and approval by management. Identifies areas for improvement in the process and supporting technology. Works with the supporting technology teams and customers to develop user stories, develop test scripts, conduct testing, participate in migrations, deliver training, update relevant documentation, and provide early-live support when the process and/or supporting technology changes are introduced. Prepares and distributes ad-hoc and scheduled reports. Escalates issues to Technology leadership. Identifies areas for improvement in the process and supporting technology. Provides technical expertise and advice to Technology and Business process practitioners and users. Coaches, trains and guides process stakeholders and team members. Develops and conducts training and presentation, as needed. Develops and conducts training and presentation, as needed. Maintains excellent knowledge of IT systems, tools, and stays abreast of new developments in IT . Coaches junior analysts. Contributes to the achievement of organizational objectives and leads process and tools implementation and executes relevant activities. MODIFIED BASED UPON LOCAL REGULATIONS/REQUIREMENTS Bachelor's degree in computer science or a related discipline, or equivalent work experience 5+ years of experience in IT; 2+ years in IT Service Management role required; experience in the financial services industry is a plus

Qualifications

QUALIFICATIONS

Bachelor's degree in computer science or a related discipline, or equivalent work experience 5+ years of experience in IT; 2+ years in IT Service Management role required; experience in the financial services industry is a plus

t
* Solid understanding of the principles of risk management, controls design, implementation, monitoring and testing, with a preferred emphasis on industry standards such as those provided by NIST and other Cyber Resiliency frameworks.
t
* Possess excellent collaborative and problem-solving skills, and an ability to explain risk concepts clearly and concisely to stakeholders across various business/technology functions.